[c-nsp] Prevent "IP Spoofing" from inside of the network

ricardo.jantarada at bnpparibas.com ricardo.jantarada at bnpparibas.com
Tue May 24 07:55:00 EDT 2005


OK, but we have a small number of devices that can't be in DHCP. I'm talking
about servers in their own VLAN.
The fact is that I would like to check the IP address of every "non-DHCP"
device before having them connected to this VLAN...
I know that switches don't deal with IP addresses but I hope there is a way
to do so.





saku/cisco-nsp at ytti.fi@puck.nether.net - 05/24/2005 11:53 AM
Sent by: cisco-nsp-bounces at puck.nether.net
To: cisco-nsp
cc:
Subject: Re: [c-nsp] Prevent "IP Spoofing" from inside of the network

On (2005-05-24 11:33 +0200), ricardo.jantarada at bnpparibas.com wrote:

> A few days ago, someone accidentally took the HSRP IP address of the
> network.
> We usually use the DHCP protocol, for clients, to protect the network from
> this kind of problem, but sometimes we have to use Hard IP addresses for
> other devices.
> I would like to protect this HSRP IP address from being used by anyone
> other than my routers.

 Basically you can do this by forcing DHCP usage. Catalyst 3550 and up
support IP source guard, which only allows ports with a DHCP-assigned address
to communicate. You might want to configure dynamic ARP inspection to go with
it.

--
  ++ytti
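
An added configuration sketch (not from either poster) of the approach discussed in this thread: IP source guard plus dynamic ARP inspection, with a static binding for a server that cannot use DHCP. VLAN 20, the addresses, MAC addresses, interface names and the ACL name are constructed assumptions; command availability depends on the platform and IOS release.

```ios
! Constructed values: VLAN 20, addresses, MACs, interface and ACL names.
! --- DHCP snooping builds the binding table for DHCP clients ---
ip dhcp snooping
ip dhcp snooping vlan 20
!
! --- Static binding for a server that cannot use DHCP ---
ip source binding 0011.2233.4455 vlan 20 10.20.0.10 interface GigabitEthernet0/5
!
! --- ARP ACL so dynamic ARP inspection accepts the static server ---
arp access-list STATIC-SERVERS
 permit ip host 10.20.0.10 mac host 0011.2233.4455
!
ip arp inspection filter STATIC-SERVERS vlan 20
ip arp inspection vlan 20
!
! --- Port towards an HSRP router / DHCP server: trusted, not filtered ---
interface GigabitEthernet0/1
 description uplink to HSRP router
 ip dhcp snooping trust
 ip arp inspection trust
!
! --- Server port: only the statically bound 10.20.0.10 is accepted ---
interface GigabitEthernet0/5
 switchport mode access
 switchport access vlan 20
 ip verify source
!
! --- Client port: only the DHCP-leased address is accepted ---
interface GigabitEthernet0/10
 switchport mode access
 switchport access vlan 20
 ip verify source
```

With this in place, a host on an untrusted port that configures the HSRP address has no matching binding, so its IP traffic and ARP replies for that address are dropped at the access port. `show ip source binding`, `show ip verify source` and `show ip arp inspection vlan 20` show the resulting bindings and drop counters.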